This listing of claims will replace all prior versions, and listings, of claims in the application.
Listing of Claims: 

1. (Previously Presented) A method for providing a secure user interface to a
secured execution environment on a system comprising said secured execution environment and 
a second execution environment, comprising the steps of: 

accepting user input from a user input device; 

determining, based on said user input, whether said user input is intended for said secured 
execution environment; 

if said user input is not intended for said secured execution environment, transferring said 
user input to said second execution environment. 

2. (Original) The method of claim 1, where said step of accepting user input from a 
user input device comprises decrypting said user input. 

3. (Original) The method of claim 1, where said step of accepting user input from a 
user input device comprises establishing a secure communications channel with said user input. 

4. (Original) The method of claim 1, where said step of accepting user input from a 
user input device comprises verifying said user input. 

5. (Original) The method of claim 1, further comprising: 

if said user input is intended for said secured execution environment, determining 
a specific destination entity in said secured execution environment for said user input; and 
transferring said user input to said specific destination entity. 

6. (Original) The method of claim 5, where said step of determining a specific
destination entity in said secured execution environment further comprises: 

providing window management functionality for managing at least one graphical 
user interface element owned by said specific destination entity; and 

determining that said user input relates to said graphical user interface element. 

7. (Original) The method of claim 5, where said step of transferring said user input 
to said specific destination entity comprises: 

interpreting said user input. 

8. (Previously Presented) The method of claim 1, further comprising the steps of: 

accepting output from a specific source entity in said secured execution
environment; and

securely transferring said output to an output device. 

9. (Original) The method of claim 8, where said step of securely transferring said 
output to said output device comprises: 

encrypting said output data. 

10. (Original) The method of claim 8, where said step of securely transferring said 
output to said output device comprises: 

transferring said output to a curtained memory. 

11. (Previously Presented) A method for providing a secure user interface to a
secured execution environment on a system comprising said secured execution environment and
a second execution environment, comprising the steps of:

accepting output from a specific source entity in said secured execution
environment; and

securely transferring said output to an output device.

12. (Previously Presented) The method of claim 11, where said output contains a data
portion, and where said step of securely transferring said output to said output device comprises:

encrypting said data portion of said output.

13. (Original) The method of claim 11, where said step of securely transferring said
output to said output device comprises:

transferring said output to a curtained memory.

14. (Previously Presented) A computer-readable storage medium containing
computer executable instructions to providing a secure user interface to a secured execution
environment on a system comprising said secured execution environment and a second execution
environment, the computer-executable instructions to perform acts comprising:

accepting user input from a user input device;

determining, based on said user input, whether said user input is intended for said secured
execution environment;

if said user input is not intended for said secured execution environment, transferring said
user input to said second execution environment.

15. (Previously Presented) The computer-readable storage medium of claim 14,
where said accepting user input from a user input device comprises decrypting said user input.

16. (Previously Presented) The computer-readable storage medium of claim 14,
where said accepting user input from a user input device comprises establishing a secure 
communications channel with said user input. 

17. (Previously Presented) The computer-readable storage medium of claim 14, 
where said accepting user input from a user input device comprises verifying said user input. 

18. (Previously Presented) The computer-readable storage medium of claim 14, 
wherein the computer-executable instructions are adapted to perform acts further comprising: 

if said user input is intended for said secured execution environment, determining 
a specific destination entity in said secured execution environment for said user input; and 
transferring said user input to said specific destination entity. 

19. (Previously Presented) The computer-readable storage medium of claim 18, 
where said determining a specific destination entity in said secured execution environment 
further comprises: 

providing window management functionality for managing at least one graphical 
user interface element owned by said specific destination entity; and 

determining that said user input relates to said graphical user interface element. 

20. (Previously Presented) The computer-readable storage medium of claim 18, 
where said transferring said user input to said specific destination entity comprises: 

interpreting said user input. 

21. (Previously Presented) The computer-readable storage medium of claim 14,
wherein the computer-executable instructions are adapted to perform acts further comprising: 

accepting output from a specific source entity in said secured execution 
environment; and 

securely transferring said output to an output device. 

22. (Previously Presented) The computer-readable storage medium of claim 21, 
where said output contains a data portion, and where said securely transferring said output to said 
output device comprises: 

encrypting said data portion of said output. 

23. (Previously Presented) The computer-readable storage medium of claim 21, 
where said securely transferring said output to said output device comprises: 

transferring said output to a curtained memory. 

24. (Previously Presented) A computer-readable storage medium containing
computer executable instructions to providing a secure user interface to a secured execution
environment on a system comprising said secured execution environment and a second execution
environment, the computer-executable instructions to perform acts comprising:

accepting output from a specific source entity in said secured execution
environment; and

securely transferring said output to an output device.

25. (Previously Presented) The computer-readable storage medium of claim 24,
where said output contains a data portion, and where said step of securely transferring said
output to said output device comprises:

encrypting said data portion of said output.






DOCKET NO.: MSFT-2817/301 134.01 
Application No.: 10/693,407 
Office Action Dated: June 6, 2007 



PATENT 

REPLY FILED UNDER EXPEDITED 
PROCEDURE PURSUANT TO 
37 CFR § 1.116 



26. (Previously Presented) The computer-readable storage medium of claim 24, 
where said step of securely transferring said output to said output device comprises: 

transferring said output to a curtained memory. 

27. (Previously Presented) A trusted user interface engine for providing a secure user 
interface to a secured execution environment on a system comprising said secured execution 
environment and a second execution environment, comprising: 

an input trusted service provider accepting user input from a user input device, operably 
connected to said user device; 

a trusted input manager for determining, based on said user input, whether said user input 
is intended for said secured execution environment and, if said user input is not intended for said 
secured execution environment, transferring said user input to said second execution 
environment. 

28. (Original) The trusted user interface engine of claim 27, where said input trusted 
service provider decrypts said user input. 

29. (Original) The trusted user interface engine of claim 27, where said input trusted 
service provider establishes a secure communications channel with said user input. 

30. (Original) The trusted user interface engine of claim 27, where said input trusted 
service provider verifies said user input. 

31. (Original) The trusted user interface engine of claim 27, where said trusted input
manager, if said user input is intended for said secured execution environment, determines a 
specific destination entity in said secured execution environment for said user input; and where 
said trusted input manager further transfers said user input to said specific destination entity. 

32. (Original) The trusted user interface engine of claim 31, further comprising:

a trusted window manager that provides window management functionality for 
managing at least one graphical user interface element owned by said specific destination entity; 
and 

where said trusted input manager determines that said user input relates to said 
graphical user interface element. 

33. (Original) The trusted user interface engine of claim 31, where said trusted input
manager interprets said user input for said specific destination entity. 

34. (Original) The trusted user interface engine of claim 27, further comprising: 

a trusted output manager that accepts output from a specific source entity in said 
secured execution environment; and that securely transfers said output to an output device. 

35. (Previously Presented) The trusted user interface engine of claim 34, where said 
output contains a data portion, and where said trusted output manager encrypts said data portion 
of said output. 

36. (Original) The trusted user interface engine of claim 34, where said trusted output 
manager transfers said output to a curtained memory. 

37. (Previously Presented) A trusted user interface engine for providing a secure user 
interface to a secured execution environment on a system comprising said secured execution 
environment and a second execution environment, comprising: 

a trusted output manager that accepts output from a specific source entity in said 
secured execution environment; and that securely transfers said output to an output device. 

38. (Previously Presented) The trusted user interface engine of claim 37, where said
output contains a data portion, and where said trusted output manager encrypts said data portion 
of said output. 

39. (Original) The trusted user interface engine of claim 37, where said trusted output 
manager transfers said output to a curtained memory. 

40. (Original) The trusted user interface engine of claim 37, where said trusted output 
manager comprises: 

a trusted rendering interface providing rendering said output from said specific source 
entity; and where said secure transfer is a transfer of said rendered output. 